Netgate Discussion Forum

    No access to WAN from LAN1,LAN2, but LAN0 works

    Routing and Multi WAN
    • scoleman

      I just installed pfSense 2.5.2 on a Protectli vault (FW4B) and while LAN1 just works right out of the box I am struggling with how to get both LAN2 and LAN3 to be able to route to the WAN as well.

      My FW4B interfaces have been renamed, associated with a network port, and have all been enabled
      LAN ->LAN1, 192.168.1.1 <--Works out of the box
      OPT1->LAN2, 192.168.2.1 <--Does not Work
      OPT2->LAN3, 192.168.3.1 <--Does not Work

      My objective here is to segregate all my untrusted WiFi and IoT devices onto their own subnets where I can then lock them down and monitor in fine detail what they are doing. No more doorbells ringing in the middle of the night when nobody is even at the door. I've had it with plug-and-play devices that you can not control other than pulling the plug.

      I have seen suggestions on other sites who have simply bridged their LAN interfaces together, but I actually want to keep them segregated from my more important office equipment. Try as I may, I have been unable to get my LAN2 or LAN3 interfaces to even connect through to the WAN/Internet.

      I have no doubt the problem is "user error" but I can not for the life of me figure out what is needed to get the other two interfaces to route properly. I don't see anything different from the LAN1 settings but under Status/Interfaces I do see "no carrier" for both non-working interfaces. The devices connected to them both work fine when connected to LAN1 but they are not seeing anything with LAN2 or LAN3. (see below edit on the carrier)

      Q1: What is the bare minimum needed to get these other two interfaces to route to the WAN?

      If I can just get that far I can at least start collecting some network traffic data and figure out some filtering rules for the impending lockdown.

      Thanks,

      Steve

      Edit: The No-carrier was just due to the devices attached going to sleep. The link says "up" once the device is awake.

      • KOM @scoleman

        @scoleman Have you added firewall rules on the LAN2, LAN3 tabs to allow access? Only LAN1 gets an allow rule by default.

        • scoleman @KOM

          @kom Thank you! You were correct. It took me a while to find the existing rules and duplicate them for the other two interfaces. I obviously have a lot to learn about pfSense.

          I now have one of my two WiFi hubs online so I can start to play with it. This is very different from the iptables that I am used to.

          Thanks!
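
The rule behaviour KOM describes, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model of per-interface, first-match filtering with an implicit default deny, using the interface names and subnets from the first post. The `evaluate` helper, the rule tuples and the sample host addresses are constructed for illustration; the model also shows that duplicating LAN1's allow rule onto LAN2 and LAN3 restores WAN access but lets those subnets reach the office LAN unless block rules come first.

```python
import ipaddress

# Interface names and subnets come from the thread; everything else here
# (rule format, evaluate(), sample hosts) is a hypothetical, simplified model.
NETS = {
    "LAN1": ipaddress.ip_network("192.168.1.0/24"),
    "LAN2": ipaddress.ip_network("192.168.2.0/24"),
    "LAN3": ipaddress.ip_network("192.168.3.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNET_HOST = "203.0.113.10"  # constructed sample address (TEST-NET-3)
OFFICE_HOST = "192.168.1.50"    # constructed sample host on LAN1


def evaluate(rules, iface, dst):
    """Return 'pass' or 'block' for traffic entering `iface` toward `dst`."""
    dst_ip = ipaddress.ip_address(dst)
    for action, dst_net in rules.get(iface, []):
        if dst_ip in dst_net:  # rules are read top-down, first match wins
            return action
    return "block"  # nothing matched: implicit default deny


# Fresh install: only LAN1 has an allow rule, so LAN2/LAN3 hit default deny.
fresh = {"LAN1": [("pass", ANY)]}

# LAN1's allow-any rule copied to every interface: WAN works everywhere,
# but LAN2/LAN3 can now also reach the office subnet.
duplicated = {name: [("pass", ANY)] for name in NETS}


def segregated_rules():
    """Block the other local subnets first, then allow everything else."""
    rules = {"LAN1": [("pass", ANY)]}
    for name in ("LAN2", "LAN3"):
        blocks = [("block", net) for other, net in NETS.items() if other != name]
        rules[name] = blocks + [("pass", ANY)]
    return rules


segregated = segregated_rules()

if __name__ == "__main__":
    for label, rules in (("fresh", fresh), ("duplicated", duplicated),
                         ("segregated", segregated)):
        print(label,
              "LAN2->internet:", evaluate(rules, "LAN2", INTERNET_HOST),
              "LAN2->office:", evaluate(rules, "LAN2", OFFICE_HOST))
```
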
